Important capabilities and updates to improve your security posture and protect your customers' tenants are now available.
We'd like to share the latest dates for the upcoming granular delegated admin privileges (GDAP) milestones.
Microsoft will begin transitioning DAP relationships to GDAP roles as of May 22, 2023. Details on the GDAP roles can be found in the April announcement.
A notification is sent to the admin agent security group users once the GDAP relationship has been set up successfully.
Important May 23 update: Based on partner feedback received, we have suppressed the GDAP notifications when relations are set up successfully during this Microsoft-led transition process.
This transition excludes scenarios where a GDAP relationship exists in an expired, pending, or terminated state.
For more information, see GDAP Microsoft-led transition.
DAP is currently granted when a new customer tenant is created. As of September 25, 2023, Microsoft will no longer grant DAP for new customer creation and will instead grant GDAP with default roles when a new customer tenant is created.
The default roles vary by partner type. The following table lists the respective roles:
Default Azure Active Directory (Azure AD) roles granted | Description | Indirect providers | Indirect resellers | Direct partners |
---|---|---|---|---|
Directory readers | Can read basic directory information; commonly used to grant directory read access to applications and guests | x | x | x |
Directory writers | Can read and write basic directory information; for granting access to applications, not intended for users | x | x | x |
License administrator | Can manage product licenses on users and groups | x | x | x |
Service support administrator | Can read service health information and manage support tickets | x | x | x |
User administrator | Can manage all aspects of users and groups, including resetting passwords for limited admins | x | x | x |
Privileged role administrator | Can manage role assignments in Azure AD, and all aspects of Privileged Identity Management | x | x | x |
Help desk administrator | Can reset passwords for nonadministrators and help desk administrators | x | x | x |
Privileged authentication administrator | Can view, set, and reset authentication method information for any user (admin or nonadmin) | x | x | x |
Cloud application administrator | Can create and manage all aspects of app registrations and enterprise apps except App Proxy | x | | |
Application administrator | Can create and manage all aspects of app registrations and enterprise apps | x | | |
Global reader | Can read everything that a global administrator can, but can't update anything | x | x | x |
The tool is still available through the end of November 2023.
Partners should continue:
Some other security updates are as follows: